[MPlayer-dev-eng] [BUG][PATCH][RESEND] Another small bug in libmpeg2 0.4.0b usage

Shachar Raindel shacharr at gmail.com
Tue Aug 31 06:11:28 CEST 2004


Hi,
  I have sent this as part of the thread related to libmpeg2 problems,
but since everybody seems to skip it, I resend it with some more
attention drawing headers.


After hunting this bug, I ran mplayer under valgrind, and found
another hidden bug in the libmpeg2 code (vd_libmpeg2.c). This bug is
triggered when libmpeg2 is fed with a large amount of bogus data,
causing it to return while we try to feed it from the pending data
buffer, causing us to realloc the pending data buffer, and then try to
move the memory inside it, which might cause a segmentation fault,
especially if glibc has freed the area. I attach a patch which should
fix this bug as well.

    Cheers,
    Shachar
-------------- next part --------------
A non-text attachment was scrubbed...
Name: libmpeg2-fix2.diff
Type: text/x-patch
Size: 1296 bytes
Desc: not available
URL: <http://lists.mplayerhq.hu/pipermail/mplayer-dev-eng/attachments/20040831/e5925662/attachment.bin>
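
The bug class described in the message (a pointer into a buffer kept across a realloc, then used in a memory move), as an added example that is not part of the original post and not the scrubbed patch. The `pending_t` type and all function names are hypothetical and do not come from vd_libmpeg2.c; the sample bytes are constructed.

```c
#include <stdlib.h>
#include <string.h>

/* Hypothetical pending-data buffer; names are illustrative, not vd_libmpeg2.c's. */
typedef struct { unsigned char *data; size_t len, cap; } pending_t;

/* Append n bytes. realloc() may move the block, invalidating old pointers. */
static int pending_append(pending_t *p, const void *src, size_t n) {
    if (p->len + n > p->cap) {
        size_t cap = (p->len + n) * 2;
        unsigned char *q = realloc(p->data, cap);
        if (!q) return -1;              /* old block is still valid on failure */
        p->data = q;
        p->cap = cap;
    }
    memcpy(p->data + p->len, src, n);
    p->len += n;
    return 0;
}

/* Unsafe shape described in the report (shown only as a comment):
 *     unsigned char *rest = p->data + consumed;   cached before the append
 *     pending_append(p, extra, n);                may realloc and free old block
 *     memmove(p->data, rest, ...);                reads through a dangling pointer
 * Safe shape: carry an offset across the call and rebuild pointers afterwards. */
static int pending_drain(pending_t *p, size_t consumed, const void *extra, size_t n) {
    if (consumed > p->len) return -1;
    if (pending_append(p, extra, n) != 0) return -1;
    size_t rest = p->len - consumed;    /* unconsumed old bytes plus the new ones */
    memmove(p->data, p->data + consumed, rest);
    p->len = rest;
    return 0;
}

/* Constructed scenario: 8 pending bytes, 3 consumed, then 4096 more arrive,
 * forcing a reallocation. Returns the new length, or 0 on any mismatch. */
size_t demo_drain(void) {
    static unsigned char extra[4096];
    pending_t p = {0};
    size_t out = 0;
    memset(extra, 'x', sizeof extra);
    if (pending_append(&p, "ABCDEFGH", 8) == 0 &&
        pending_drain(&p, 3, extra, sizeof extra) == 0 &&
        memcmp(p.data, "DEFGH", 5) == 0 && p.data[5] == 'x' && p.data[p.len - 1] == 'x')
        out = p.len;
    free(p.data);
    return out;
}

int main(void) { return demo_drain() == 4101 ? 0 : 1; }
```

Running the unsafe shape under valgrind or AddressSanitizer reports an invalid read in the memmove whenever realloc relocates the block, which matches how the message says the bug was found.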

